What’s New

Bug Fixes

The following vulnerabilities have been fixed:

• wnpa-sec-2018-34[1]
  • BGP dissector large loop. Bug 13741[2]. CVE-2018-14342[3].
• wnpa-sec-2018-35[4]
  • ISMP dissector crash. Bug 14672[5]. CVE-2018-14344[6].
• wnpa-sec-2018-36[7]
  • Multiple dissectors could crash. Bug 14675[8]. CVE-2018-14340[9].
• wnpa-sec-2018-37[10]
  • ASN.1 BER dissector crash. Bug 14682[11]. CVE-2018-14343[12].
• wnpa-sec-2018-38[13]
  • MMSE dissector infinite loop. Bug 14738[14]. CVE-2018-14339[15].
• wnpa-sec-2018-39[16]
  • DICOM dissector crash. Bug 14742[17]. CVE-2018-14341[18].
• wnpa-sec-2018-40[19]
  • Bazaar dissector infinite loop. Bug 14841[20]. CVE-2018-14368[21].
• wnpa-sec-2018-41[22]
  • HTTP2 dissector crash. Bug 14869[23]. CVE-2018-14369[24].
• wnpa-sec-2018-42[25]
  • CoAP dissector crash. Bug 14966[26]. CVE-2018-14367[27].
An automated check of this bug failed - repoman reported dependency errors (86 lines truncated):

> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: RDEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
> dependency.bad net-analyzer/wireshark/wireshark-2.6.2.ebuild: DEPEND: ppc(default/linux/powerpc/ppc32/13.0) ['media-libs/bcg729']
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0444a2b5f78fc78a5b5e83866f3ae83e1f959c34

commit 0444a2b5f78fc78a5b5e83866f3ae83e1f959c34
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-20 08:02:21 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-20 08:07:33 +0000

    net-analyzer/wireshark: stable 2.6.2 for ia64, bug #661578

    Bug: https://bugs.gentoo.org/661578
    Package-Manager: Portage-2.3.43, Repoman-2.3.10
    RepoMan-Options: --include-arches="ia64"

 net-analyzer/wireshark/wireshark-2.6.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
commit 12242311037352a91e1d8cdea4f9b3b9ad6ea1e9
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Fri Jul 20 09:07:26 2018 +0200

    net-analyzer/wireshark: Stable for AMD64 x86 too.
Stable on alpha.
arm stable
CVE-2018-14370 (https://nvd.nist.gov/vuln/detail/CVE-2018-14370):
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.

CVE-2018-14369 (https://nvd.nist.gov/vuln/detail/CVE-2018-14369):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

CVE-2018-14368 (https://nvd.nist.gov/vuln/detail/CVE-2018-14368):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.

CVE-2018-14367 (https://nvd.nist.gov/vuln/detail/CVE-2018-14367):
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

CVE-2018-14344 (https://nvd.nist.gov/vuln/detail/CVE-2018-14344):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.

CVE-2018-14343 (https://nvd.nist.gov/vuln/detail/CVE-2018-14343):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

CVE-2018-14342 (https://nvd.nist.gov/vuln/detail/CVE-2018-14342):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.

CVE-2018-14341 (https://nvd.nist.gov/vuln/detail/CVE-2018-14341):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.

CVE-2018-14340 (https://nvd.nist.gov/vuln/detail/CVE-2018-14340):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

CVE-2018-14339 (https://nvd.nist.gov/vuln/detail/CVE-2018-14339):
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
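Several of the fixes listed above (offset overflow, items that are too long, offset and length validation) guard the same loop shape: a parser that advances an offset by a length read from the packet. The following is an added illustration of that bug class and its check, not Wireshark's code or part of the original comment; the 4-byte length-prefixed record format, the function names and the sample buffers are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed record format (constructed): 4-byte big-endian length, then payload. */
#define HDR_LEN 4u

static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* What an unchecked loop computes as the next offset. With a 32-bit offset,
 * a wire length near UINT32_MAX wraps the sum, so the "next" offset can land
 * at or before the current one and the loop never reaches the end. */
uint32_t naive_next_offset(uint32_t offset, uint32_t item_len) {
    return offset + HDR_LEN + item_len;
}

/* Hardened walk: returns the number of items, or -1 for malformed input. */
int walk_items(const uint8_t *buf, size_t buf_len) {
    size_t offset = 0;
    int count = 0;
    while (offset < buf_len) {
        size_t remaining = buf_len - offset;
        if (remaining < HDR_LEN)
            return -1;                      /* truncated header */
        uint32_t item_len = rd_be32(buf + offset);
        /* Compare against what is left instead of adding first: no wrap. */
        if (item_len > remaining - HDR_LEN)
            return -1;                      /* item too long */
        offset += HDR_LEN + item_len;       /* always advances by >= HDR_LEN */
        count++;
    }
    return count;
}

/* Constructed samples: two valid items, then one valid item followed by a
 * length of 0xFFFFFFFB at offset 5. */
static const uint8_t GOOD[] = {0, 0, 0, 2, 'a', 'b', 0, 0, 0, 0};
static const uint8_t BAD[]  = {0, 0, 0, 1, 'x', 0xFF, 0xFF, 0xFF, 0xFB};

int main(void) {
    printf("good: %d\n", walk_items(GOOD, sizeof GOOD));
    printf("bad: %d\n", walk_items(BAD, sizeof BAD));
    printf("naive next offset from 5: %u\n",
           (unsigned)naive_next_offset(5, rd_be32(BAD + 5)));
    return 0;
}
```
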
ppc64 stable
ppc keywords dropped
Version no longer in tree.

GLSA Vote: No

Thank you all for your work. Closing as [noglsa].
tree is clean